[pmwiki-users] JITS: AuthUser necessary ?

[The Editor]

On 5/20/07, ThomasP <pmwikidev at sigproc.de> wrote:
>
> The remaining question is: does the MemberMgmt recipe work with UserAuth2?
> From what I read I don't think so.
>
> In case MemberMgmt reads/writes directly from/to Site.AuthUser, it
> obviously does not work together. Could you in the MemberMgmt recipe
> branch the operations depending on the authentication module running, and
> I will provide appropriate hooks in UserAuth2 to be called by MemberMgmt?

Actually no, MemberMgmt authenticates against passwords stored in
Profiles pages (either encrypted or encoded) and then uses authuser's
AuthUserId( ) function to set the authid variable. Then it extracts
any user group memberships from Memberships pages and sets those using
authuser's SessionAuth( ).

So MemberMgmt really is it's own authentication system--that rests on
AuthUser to handle things like permissions and stuff after ZAP log's
them in. If I can make this work with UserAuth, I'd be more than happy
to. Just let me know what you have in mind.

Cheers,
Dan

PS.  I didn't reply to your long post describing the features of
UserAuth(2) but I wanted to say I was very impressed. I did not really
understand what it did before, and I definitely appreciate it's
philosophy. FWIW, ZAP has been steaily moving that direction in terms
of how it manages it's security, and I think even Pm will start moving
that direction from hints of how he will set up the commenting system
target controls. I personally have found centralizing control to a few
pages, rather than spreading it out across the wiki is much easier.

Coincidentally, the new wiki engine I'm working on will work VERY much
like UserAuth in terms of security, user & group mgmt, permissions,
etc. Very enlightening to read your post. Thanks for the good work you
are doing with UserAuth!


Cheers,
Dan